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CLAIMS 

1. A method of controlling access to an electronic document, comprising: 
receiving at a document management system a request from a first user for an 

electronic document at a first user location, a rendition of the electronic document being 
stored in a document repository in the document management system; 

authenticating the first user at the document management system, using a set of 
access policies for the electronic document, to verify that the first user is authorized to obtain 
the electronic document; and 

if the first user is authorized to obtain the electronic document, 

passing an encrypted rendition of the electronic document to the first user; 
receiving at the document management system a request from a second user 
for access to the encrypted rendition; 

authenticating the second user at the document management system, using the 
set of access policies, to establish which operations the second user is allowed to 
perform on the encrypted rendition; 

creating, at the document management system, a voucher, the voucher 
including an electronic key operable to decrypt the encrypted rendition of the 
electronic document and the set of access policies for the electronic document; and 
passing the electronic voucher to a second user location. 

2. The method of claim 1 , further comprising: 

creating, at the document management system, the encrypted rendition using the 
rendition that is stored in the document repository. 

3. The method of claim 1 , wherein creating a voucher comprises: 

obtaining the set of access policies for the second user from an access control list that 
is associated with the electronic document; and 

including the obtained set of access policies in the electronic voucher. 

4. The method of claim 1, wherein the set of access policies for the electronic document 
identify one or more of the following operations: 
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adding content to the rendition, adding comments to the rendition, applying a digital 
signature to the rendition, saving the rendition, printing the rendition, importing form data 
into the rendition, exporting form data from the rendition, and transmitting the rendition to 
another user. 

5. The method of claim 1, further comprising: 

including a list of application rights in the electronic voucher prior to passing the 
electronic voucher to the second user location. 

6. The method of claim 1 , further comprising: 

including expiration information in the electronic voucher prior to passing the 
electronic voucher to the second user location. 

7. The method of claim 6, wherein the expiration information includes one or more of: 
a predetermined number of access operations before the voucher expires, a particular time 
period before the voucher expires, and a particular time when the voucher expires. 

8. The method of claim 2, wherein: 

providing the encrypted rendition includes providing the encrypted rendition from a 
location other than the document repository. 

9. The method of claim 8, wherein: 

providing the encrypted rendition includes providing the encrypted rendition from the 
first user location. 

10. The method of claim 1 , wherein the rendition is a Portable Document Format 
document. 

1 1 . The method of claim 1 , further comprising: 

recording information relating to the request in an audit trail for the electronic 
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document. 

12. The method of claim 1, wherein the first user and the second user are the same 
individual. 

13. The method of claim 1, wherein the first user location and the second user location 
are identical. 

14. A method of accessing an electronic document, comprising: 

requesting, from a document management system, access at a user location to an 
electronic document, one or more renditions of the electronic document being stored in a 
document repository in the document management system; 

receiving at the user location an electronic voucher for the electronic document, the 
electronic voucher being issued by the document management system and including an 
electronic key operable to decrypt an encrypted rendition of the electronic document; and 

using the electronic key of the electronic voucher at the user location to decrypt the 
encrypted rendition of the electronic document. 

1 5 . The method of claim 1 4, further comprising: 

determining whether the encrypted rendition of the electronic document is available at 
the user location; 

wherein, if it is determined that the encrypted rendition is available at the user location, 
requesting access includes: 

extracting from the encrypted rendition a reference to the document repository where 
one or more renditions of the electronic document are stored; and 

requesting access to the rendition from the document repository identified by the 
extracted reference. 

16. The method of claim 15, wherein: 

the encrypted rendition includes a document identifier and the reference to the 
document repository includes a path for accessing the document repository over a computer 
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network; and 

requesting access includes: 

retrieving the document identifier and the path from the encrypted rendition; and 
sending an access request to the document repository specified by the retrieved path, 
the access request including the document identifier. 

17. The method of claim 14, wherein: 

the electronic voucher further includes a set of access policies for the electronic 
document. 

18. The method of claim 17, wherein the set of access policies include information 
indicating that a user at the user location is authorized to perform one or more of the 
following operations: 

adding content to the electronic document, adding comments to the electronic 
document, applying a digital signature to the electronic document, saving the electronic 
document, printing the electronic document, importing form data into the electronic 
document, exporting form data from the electronic document, and transmitting the electronic 
document to another user. 

19. The method of claim 17, further comprising: 

verifying, at the user location, that one or more requested operations are allowed by 
the set of access policies for the electronic document. 

20. The method of claim 17, wherein: 

the set of access policies is a set of access policies that resides in the document 
repository and specifies access rights to the electronic document. 

21 . The method of claim 14, wherein: 

the electronic voucher further includes a set of application rights, the application 
rights being operable to enable one or more disabled operations in an electronic document 
software application at the user location. 
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22. The method of claim 14, wherein the rendition is a Portable Document Format 
document. 

23 . The method of claim 1 4, further comprising: 
storing the received voucher at the user location. 

24. The method of claim 1 4, wherein receiving an electronic voucher comprises: 
determining whether an electronic voucher is stored locally at the user location; and 
if the electronic voucher is stored locally, retrieving the electronic voucher from the 

local storage; 

if the electronic voucher is not stored locally, requesting an electronic voucher from 
the document management system. 

25 . The method of claim 1 4, further comprising: 

receiving an encrypted rendition of the electronic document. 

26. The method of claim 14, wherein: 

the voucher includes expiration information including one or more of: a 
predetermined number of access operations before the voucher expires, a particular time 
period before the voucher expires, and a particular time when the voucher expires. 

27. A method for controlling access to an electronic document, comprising: 
receiving at a document management system a request from a user for access to an 

electronic document at a user location, a rendition of the electronic document being stored in 

a document repository in the document management system; 

authenticating the user at the document management system, to verify that the user is 

authorized to access the electronic document; and 

if the user is authorized to access the electronic document, 

creating, at the document management system, an encrypted rendition using the 

rendition that is stored in the document repository; 
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creating, at the document management system, a voucher including an electronic key 
operable to decrypt an encrypted rendition of the electronic document; and 
passing the electronic voucher to the user location. 

28. A computer program product, tangibly stored on a computer-readable medium, for 
controlling access to an electronic document, comprising instructions operable to cause a 
programmable processor to: 

receive at a document management system a request from a first user for an electronic 
document at a first user location, a rendition of the electronic document being stored in a 
document repository in the document management system; 

authenticate the first user at the document management system, using a set of access 
policies for the electronic document, to verify that the first user is authorized to obtain the 
electronic document; and 

if the first user is authorized to obtain the electronic document, 

pass an encrypted rendition of the electronic document to the first user; 
receive at the document management system a request from a second user for 
access to the encrypted rendition; 

authenticate the second user at the document management system, using the 
set of access policies, to establish which operations the second user is allowed to 
perform on the encrypted rendition; 

create, at the document management system, a voucher, the voucher including 
an electronic key operable to decrypt the encrypted rendition of the electronic 
document and the set of access policies for the electronic document; and 
pass the electronic voucher to a second user location. 

29. The computer program product of claim 28, further comprising instructions to: 
create, at the document management system, the encrypted rendition using the 

rendition that is stored in the document repository. 

30. The computer program product of claim 29, wherein the instructions to create a 
voucher comprise instructions to: 
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obtain the set of access policies for the second user from an access control list that is 
associated with the electronic document; and 

include the obtained set of access policies in the electronic voucher. 

3 1 . The computer program product of claim 29, wherein the set of access policies for the 
electronic document identify one or more of the following operations: 

adding content to the rendition, adding comments to the rendition, applying a digital 
signature to the rendition, saving the rendition, printing the rendition, importing form data 
into the rendition, exporting form data from the rendition, and transmitting the rendition to 
another user. 

32. The computer program product of claim 29, further comprising instructions to: 
include a list of application rights in the electronic voucher prior to passing the 

electronic voucher to the second user location. 

33. The computer program product of claim 29, further comprising instructions to: 
include expiration information in the electronic voucher prior to passing the 

electronic voucher to the user location. 

34. The computer program product of claim 33, wherein the expiration information 
includes one or more of: a predetermined number of access operations before the voucher 
expires, a particular time period before the voucher expires, and a particular time when the 
voucher expires. 

35. The computer program product of claim 28, wherein: 

the instructions to provide the encrypted rendition include instructions to provide the 
encrypted rendition from a location other than the document repository. 

36. The computer program product of claim 35, wherein: 

the instructions to provide the encrypted rendition include instructions to provide the 
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encrypted rendition from the first user location. 

37. The computer program product of claim 28, wherein the rendition is a Portable 
Document Format document. 

5 

38. The computer program product of claim 28, further comprising instructions to: 
record information relating to the request in an audit trail for the electronic document. 

39. The computer program product of claim 28, wherein the first user and the second user 
1 0 are the same individual. 

40. The computer program product of claim 28, wherein the first user location and the 
second user location are identical, 

15 41 . A computer program product, tangibly stored on a computer-readable medium, for 

accessing an electronic document, comprising instructions operable to cause a programmable 
processor to: 

request, from a document management system, access at a user location to an 
electronic document, one or more renditions of the electronic document being stored in a 
20 document repository in the document management system; 

receive at the user location an electronic voucher for the electronic document, the 
electronic voucher being issued by the document management system and including an 
electronic key operable to decrypt an encrypted rendition of the electronic document; and 
use the electronic key of the electronic voucher at the user location to decrypt the 
25 encrypted rendition of the electronic document, 

42. The computer program product of claim 41 , further comprising instructions to: 

determine whether the encrypted rendition of the electronic document is available at 
the user location; 

30 wherein, if it is determined that the encrypted rendition is available at the user 

location, requesting access includes instructions to: 
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extract from the encrypted rendition a reference to the document repository where one 
or more renditions of the electronic document are stored; and 

request access to the rendition from the document repository identified by the 
extracted reference. 

43. The computer program product of claim 42, wherein: 

the encrypted rendition includes a document identifier and the reference to the 
document repository includes a path for accessing the document repository over a computer 
network; and 

the instructions to request access include instructions to: 
retrieve the document identifier and the path from the encrypted rendition; and 
send an access request to the document repository specified by the retrieved path, the 
access request including the document identifier. 

44. The computer program product of claim 41, wherein: 

the electronic voucher further includes a set of access policies for the electronic 
document. 

45. The computer program product of claim 44, wherein the set of access policies include 
information indicating that a user at the user location is authorized to perform one or more of 
the following operations: 

adding content to the electronic document, adding comments to the electronic 
document, applying a digital signature to the electronic document, saving the electronic 
document, printing the electronic document, importing form data into the electronic 
document, exporting form data from the electronic document, and transmitting the electronic 
document to another user. 

46. The computer program product of claim 44, further comprising instructions to: 
verify, at the user location, that one or more requested operations are allowed by the 

set of access policies for the electronic document. 
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47. The computer program product of claim 44, wherein: 

the set of access policies is a set of access policies that resides in the document 
repository and specifies access rights to the electronic document. 

48. The computer program product of claim 41 , wherein: 

the electronic voucher further includes a set of application rights, the application 
rights being operable to enable one or more disabled operations in an electronic document 
software application at the user location. 

49. The computer program product of claim 41, wherein the rendition is a Portable 
Document Format document. 

50. The computer program product of claim 41, further comprising instructions to: 
store the received voucher at the user location. 

5 1 . The computer program product of claim 41 , wherein the instructions to receive an 
electronic voucher comprise instructions to: 

determine whether an electronic voucher is stored locally at the user location; and 
if the electronic voucher is stored locally, retrieving the electronic voucher from the 
local storage; 

if the electronic voucher is not stored locally, request an electronic voucher from the 
document management system. 

52. The computer program product of claim 41, further comprising instructions to: 
receive an encrypted rendition of the electronic document. 

53 . The computer program product of claim 4 1 , wherein: 

the voucher includes expiration information including one or more of: a 
predetermined number of access operations before the voucher expires, a particular time 
period before the voucher expires, and a particular time when the voucher expires. 
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54. A computer program product, tangibly stored on a computer-readable medium, for 
controlling access to an electronic document, comprising instructions operable to cause a 
programmable processor to: 

receive at a document management system a request from a user for access to an 
electronic document at a user location, a rendition of the electronic document being stored in 
a document repository in the document management system; 

authenticate the user at the document management system, to verify that the user is 
authorized to access the electronic document; and 

if the user is authorized to access the electronic document, 

create, at the document management system, an encrypted rendition using the 
rendition that is stored in the document repository; 

create, at the document management system, a voucher including an electronic key 
operable to decrypt an encrypted rendition of the electronic document; and 

pass the electronic voucher to the user location. 
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